GDPR states that the processing organization should adopt internal policies and implement measures that meet, in particular, the principles of data protection by design and data protection by default. A data protection impact assessment will help you achieve this by ensuring that all personal data collection, processing, storage and destruction measures are designed to secure privacy.
GDPR defines consent as any freely given, specific, informed and unambiguous indication from individuals to legitimize an individual's personal data by the processing organizations. The processing organization should be able to demonstrate proof of consent and allow individuals to review previously given consents and withdraw it if necessary.
Copyright © O24AI 2019, All rights reserved